189 changes: 148 additions & 41 deletions ibm_catalog.json
Expand Up @@ -9,7 +9,7 @@
"ibm_created",
"terraform",
"solution",
"support_ibm"
"target_terraform"
],
"keywords": [
"terraform",
Expand All @@ -26,13 +26,17 @@
"provider_name": "IBM",
"features": [
{
"title": "Provision Collection",
"description": "Supports creation of collection to help manage feature flags and dynamic properties at scale."
"title": "Collection",
"description": "Supports creation of one or more collections depending on the plan to help manage feature flags and dynamic properties at scale."
},
{
"title": "CBR Enhanced Security",
"description": "Provides support for defining context-based restrictions (CBR) to enhance security and control access based on network policies."
},
{
"title": "Trusted Profile",
"description": "Creates trusted profile needed with required access for configuration aggregator."
},
{
"title": "Configuration Aggregator",
"description": "Supports creation and management of configuration aggregator to manage configurations across multiple App Configuration instances."
Expand All @@ -43,6 +47,7 @@
{
"label": "Fully configurable",
"name": "fully-configurable",
"index": 1,
"install_type": "fullstack",
"working_directory": "solutions/fully-configurable",
"compliance": {
Expand Down Expand Up @@ -192,7 +197,13 @@
]
},
{
"key": "app_config_collections"
"key": "app_config_collections",
"type": "array",
"custom_config": {
"type": "textarea",
"grouping": "deployment",
"original_grouping": "deployment"
}
},
{
"key": "app_config_tags",
Expand Down Expand Up @@ -229,7 +240,13 @@
"key": "config_aggregator_enterprise_account_ids_to_assign"
},
{
"key": "app_config_cbr_rules"
"key": "cbr_rules",
"type": "array",
"custom_config": {
"type": "textarea",
"grouping": "deployment",
"original_grouping": "deployment"
}
},
{
"key": "provider_visibility",
Expand All @@ -252,10 +269,11 @@
],
"iam_permissions": [
{
"service_name": "resource-group",
"role_crns": [
"crn:v1:bluemix:public:iam::::role:Viewer"
]
],
"service_name": "Resource group only",
"notes": "Viewer access is required in the resource group you want to provision in."
},
{
"role_crns": [
Expand All @@ -264,27 +282,77 @@
],
"service_name": "apprapp",
"notes": "Required for provisioning the App Configuration instance."
},
{
"role_crns": [
"crn:v1:bluemix:public:iam::::role:Administrator"
],
"service_name": "All Account Management services",
"notes": "[Optional] Required for consuming Account Configuration deployable architecture which creates resource group or enabling `enable_config_aggregator` flag."
},
{
"role_crns": [
"crn:v1:bluemix:public:iam::::role:Administrator"
],
"service_name": "All Identity and Access enabled services",
"notes": "[Optional] Required for consuming Account Configuration deployable architecture which creates resource group with account setting or enabling `enable_config_aggregator` flag that creates trusted profile for authentication."
},
{
"role_crns": [
"crn:v1:bluemix:public:iam::::serviceRole:Writer",
"crn:v1:bluemix:public:iam::::role:Editor"
],
"service_name": "atracker",
"notes": "[Optional] Required for consuming Activity Tracker Event Routing deployable architecture."
},
{
"role_crns": [
"crn:v1:bluemix:public:iam::::serviceRole:Manager",
"crn:v1:bluemix:public:iam::::role:Editor"
],
"service_name": "sysdig-monitor",
"notes": "[Optional] Required for consuming Cloud Monitoring deployable architecture."
},
{
"role_crns": [
"crn:v1:bluemix:public:iam::::serviceRole:Manager",
"crn:v1:bluemix:public:iam::::role:Editor"
],
"service_name": "logs",
"notes": "[Optional] Required for consuming Cloud Logs deployable architecture."
},
{
"role_crns": [
"crn:v1:bluemix:public:iam::::serviceRole:Manager",
"crn:v1:bluemix:public:iam::::role:Editor"
],
"service_name": "hs-crypto",
"notes": "[Optional] Required for enabling Hyper Protect Crypto Services in Event Routing and Cloud Logs deployable architecture."
},
{
"role_crns": [
"crn:v1:bluemix:public:iam::::serviceRole:Manager",
"crn:v1:bluemix:public:iam::::role:Editor"
],
"service_name": "kms",
"notes": "[Optional] Required for enabling KMS encryption in Event Routing and Cloud Logs deployable architecture."
},
{
"role_crns": [
"crn:v1:bluemix:public:iam::::serviceRole:Manager",
"crn:v1:bluemix:public:iam::::role:Editor"
],
"service_name": "cloud-object-storage",
"notes": "[Optional] Required for enabling COS in Event Routing and Cloud Logs deployable architecture."
}
],
"architecture": {
"descriptions": "This architecture supports creating and configuring an IBM Cloud App Configuration",
"features": [
{
"title": "App Configuration instance with Collections",
"description": "Creates App Configuration instance. Collections can be created and configured for the instance"
},
{
"title": "Use existing resource group",
"description": "Supports deployment into an existing IBM Cloud resource group."
},
{
"title": "CBR Enhanced Security",
"description": "Enforces network-based access control through context-based restrictions (CBR) rules."
},
{
"title": "Configuration Aggregator",
"description": "Enables the creation and management of configuration aggregator to consolidate and monitor configurations across multiple App Configuration instances."
}
"title": " ",
"description": "Configured to use IBM secure by default standards, but can be edited to fit your use case."
}
],
"diagrams": [
{
Expand All @@ -307,7 +375,10 @@
"resource-groups-with-account-settings"
],
"default_flavor": "resource-group-only",
"version": "v3.0.7",
"id": "63641cec-6093-4b4f-b7b0-98d2f4185cd6-global",
"optional": true,
"on_by_default": false,
"input_mapping": [
{
"dependency_output": "workload_resource_group_name",
Expand All @@ -323,48 +394,84 @@
"version_input": "provider_visibility",
"reference_version": true
}
],
"optional": true,
"on_by_default": false,
"version": "v3.0.7"
]
},
{
"name": "deploy-arch-ibm-observability",
"description": "Enable to provision and configure IBM Cloud Logs, Cloud Monitoring, Metrics routing and Activity Tracker event routing for analysing logs and metrics generated by the App Configuration instance.",
"name": "deploy-arch-ibm-cloud-logs",
"description": "Enable this to create an IBM Cloud Logs (ICL) Instance which can be used for storage and analysis of events ingested by Activity Tracker. ",
"catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3",
"flavors": [
"instances"
"fully-configurable"
],
"id": "a3137d28-79e0-479d-8a24-758ebd5a0eab-global",
"catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3",
"id": "63d8ae58-fbf3-41ce-b844-0fb5b85882ab-global",
"version": "v1.5.6",
"optional": true,
"on_by_default": true,
"input_mapping": [
{
"dependency_output": "cloud_monitoring_crn",
"version_input": "existing_monitoring_crn"
},
{
"dependency_input": "prefix",
"version_input": "prefix",
"reference_version": true
},
{
"dependency_input": "existing_resource_group_name",
"version_input": "existing_resource_group_name",
"reference_version": true
},
{
"dependency_input": "region",
"version_input": "region",
"reference_version": true
},
}
]
},
{
"name": "deploy-arch-ibm-cloud-monitoring",
"description": "Enable IBM Cloud Monitoring to gain operational visibility into your cloud storage buckets.",
"id": "73debdbf-894f-4c14-81c7-5ece3a70b67d-global",
"version": "v1.3.0",
"flavors": [
"fully-configurable"
],
"catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3",
"optional": true,
"on_by_default": true,
"input_mapping": [
{
"dependency_input": "enable_platform_metrics",
"version_input": "enable_platform_metrics",
"dependency_input": "prefix",
"version_input": "prefix",
"reference_version": true
},
{
"dependency_input": "logs_routing_tenant_regions",
"version_input": "logs_routing_tenant_regions",
"dependency_input": "region",
"version_input": "region",
"reference_version": true
}
]
},
{
"name": "deploy-arch-ibm-activity-tracker",
"description": "Enable to provision and configure Activity Tracker event routing for routing cloud events generated by the App Configuration instance.",
"id": "918453c3-4f97-4583-8c4a-83ef12fc7916-global",
"version": "v1.1.3",
"flavors": [
"fully-configurable"
],
"catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3",
"optional": true,
"on_by_default": true,
"version": "v3.0.3"
"input_mapping": [
{
"dependency_input": "prefix",
"version_input": "prefix",
"reference_version": true
},
{
"dependency_input": "region",
"version_input": "region",
"reference_version": true
}
]
}
],
"dependency_version_2": true,
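Review bot: The two new `iam_permissions` entries that list `crn:v1:bluemix:public:iam::::role:Administrator` for "All Account Management services" and "All Identity and Access enabled services" advertise account-wide administrator access, and their `notes` text does not make clear when the role can be left out. Both are tagged "[Optional]", but the condition runs two separate triggers together (consuming the Account Configuration architecture, or enabling `enable_config_aggregator`), so someone preparing an API key from this list is likely to grant Administrator unconditionally. I would name each trigger on its own and say the role is not needed otherwise, for example `"notes": "[Optional] Needed only when the Account Configuration dependency is enabled or when enable_config_aggregator is true; not required otherwise."`; whether a deployment without either option really works without the role should be confirmed before wording it that way. Separately, the `deploy-arch-ibm-cloud-monitoring` description refers to "cloud storage buckets", which looks copied from another architecture and does not describe an App Configuration instance.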
2 changes: 1 addition & 1 deletion reference-architecture/app_configuration.svg
6 changes: 3 additions & 3 deletions solutions/fully-configurable/DA-cbr_rules.md
@@ -1,12 +1,12 @@
# Configuring context-based restrictions (CBRs)

The `app_config_cbr_rules` input variable allows you to provide a rule for the target service to enforce access restrictions for the service based on the context of access requests. Contexts are criteria that include the network location of access requests, the endpoint type from where the request is sent, etc.
The `cbr_rules` input variable allows you to provide a rule for the target service to enforce access restrictions for the service based on the context of access requests. Contexts are criteria that include the network location of access requests, the endpoint type from where the request is sent, etc.

- Variable name: `app_config_cbr_rules`.
- Variable name: `cbr_rules`.
- Type: A list of objects. Allows only one object representing a rule for the target service
- Default value: An empty list (`[]`).

### Options for app_config_cbr_rules
### Options for cbr_rules

- `description` (required): The description of the rule to create.
- `account_id` (required): The IBM Cloud Account ID
38 changes: 0 additions & 38 deletions solutions/fully-configurable/DA-prefix.md

This file was deleted.

10 changes: 1 addition & 9 deletions solutions/fully-configurable/README.md
@@ -1,11 +1,3 @@
# Cloud automation for App Configuration

[![Catalog release](https://img.shields.io/badge/release-IBM%20Cloud%20Catalog-3662FF?logo=ibm)](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-apprapp-045c1169-d15a-4046-ae81-aa3d3348421f-global)

This solution supports provisioning and configuring the following infrastructure:

- App Config instance and collections
- Optional context-based restrictions (CBR)
- Configuration aggregator
# Cloud automation for App Configuration (Fully configurable)

:exclamation: **Important:** This solution is not intended to be called by other modules because it contains a provider configuration and is not compatible with the `for_each`, `count`, and `depends_on` arguments. For more information, see [Providers Within Modules](https://developer.hashicorp.com/terraform/language/modules/develop/providers).
2 changes: 1 addition & 1 deletion solutions/fully-configurable/main.tf
Expand Up @@ -31,5 +31,5 @@ module "app_config" {
config_aggregator_enterprise_trusted_profile_template_name = "${local.prefix}${var.config_aggregator_enterprise_trusted_profile_template_name}"
config_aggregator_enterprise_account_group_ids_to_assign = var.config_aggregator_enterprise_account_group_ids_to_assign
config_aggregator_enterprise_account_ids_to_assign = var.config_aggregator_enterprise_account_ids_to_assign
cbr_rules = var.app_config_cbr_rules
cbr_rules = var.cbr_rules
}
7 changes: 4 additions & 3 deletions solutions/fully-configurable/provider.tf
@@ -1,5 +1,6 @@
provider "ibm" {
ibmcloud_api_key = var.ibmcloud_api_key
region = var.region
visibility = var.provider_visibility
ibmcloud_api_key = var.ibmcloud_api_key
region = var.region
visibility = var.provider_visibility
private_endpoint_type = (var.provider_visibility == "private" && var.region == "ca-mon") ? "vpe" : null
}
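Review bot: The new `private_endpoint_type` line hard-codes the region string `"ca-mon"` with no comment saying why that one region needs `"vpe"`, so a later maintainer cannot tell whether the condition has to grow when another region behaves the same way. A short comment above the line would cover it, e.g. `# ca-mon is special-cased: private provider traffic there must use VPE endpoints (confirm and link the provider docs)`. The condition also matches only `var.provider_visibility == "private"`; the variable's validation is not in this hunk, so if it accepts other values that still route over private endpoints, those would fall through to `null` in ca-mon and that case is worth checking.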